What's new in XCA 2.6.0
Feb 27, 2024
- Export certificates for ovpn file
- SHA1 based MAC for PKCS12
- Support legacy keys and automatically transform them if possible.
- Renew Certificate freeze XCA
- Paste an encrypted private key results in a crash
- Fix crash when deleting CA certificates
- Add flatpak build information and github action
- Subject Alternative Name not filled by all CN
- Improve import: Finish multi import when empty
- Add File extensions in Info.plist supported by XCA
- Quick view of certificates without trying to open XCA
- Pass private key password
- Export PEM + Key in one File
- Impossible to import PKCS#12 (RC40_CBC)
- Make XCA AppStore compliant with -DAPPSTORE_COMPLIANT=ON
New in XCA 2.5.0 (Feb 23, 2024)
- Close #423: parameter --name is not respected when running with CLI
- Close #457: Support Qt5 < 5.12 / python3-sphinxcontrib.qthelp
- Close #440: yellow background makes date text hard to read in dark themes
- Close #437: loading CRL at startup generates an error
- Close #444 cannot update template internal name
- Close #442: asan checks failed
- Close #446: show more information in Recent Databases
- Improve/Fix database loading
- Document vCalendar/ics feature #456
- Fix possible segfault caused by wrong free()
- Add Bulgarian translation
- Close #368: error while creating CRL with CA using EC key (ed25519)
- Treat CKA_ID as byte array, not Bignum
- Fix #321 - decryptKey shows OpenSSL error
- Merge #325 Update entitlement.plist
- Close #366: Not Responding after upgrade
- Add Persian translation .ts file to XCA.
- Close #327: "Dump database" dumps everything to everywhere
- Close #317: "Please insert card: ..." message
- Add Indonesian translation
- Close #283 Nitrokey HSM2 can't create EC keys on 2.4.0
- Switch from autotools/qmake to cmake
- Close #278: Miss components to connect remote database
- Commandline: Add "--list-items" to print a list of database items
- Close #67: possibility to ignore password prompt from CLI
- Close #259: Follow the XDG base directory specification
- Add support for Qt6 and OpenSSL 3.x
- Drop support for Qt4
- Drop support for old XCA < 2.0.0 databases
- Drop support for OpenSSL < 1.1.0
New in XCA 1.4.1 (Mar 5, 2018)
- Replace links to XCA on Sourceforge in the software and documentation by links to my Site.
New in XCA 1.3.2 (Oct 12, 2015)
- Gentoo Bug #562288 linking fails
- Add OID resolver, move some Menu items to "Extra"
- SF. Bug. #81 Make xca qt5 compatible
- SF. Bug. #107 error:0D0680A8:asn1 encoding
- Don't validate notBefore and notAfter if they are disabled.
New in XCA 1.3.1 (Aug 21, 2015)
- Fix endless loop while searching for a signer of a CRL (XCA does not respond)
New in XCA 1.3.0 (Aug 12, 2015)
- Update to OpenSSL 1.0.2d for Windows and MAC
- SF Bug #105 1.2.0 OS X Retina Display Support
- Digitaly sign Windows and MAC binaries with a valid certificate
- Refactor the context menu. Exporting many selected items to the clipboard or a PEM file now works. Certificate renewal and revocation may now be performed on a batch of certificates.
- Feat. Reg. #83 Option to revoke old certificate when renewing
- Refactor revocation handling. All revocation information is stored with the CA and may be modified.
- Revoked certificates may now be deleted from the database
- Support nameConstraints, policyMappings, InhibitAnyPolicy, PolicyConstraint and (OSCP)noCheck when transforming certificates to templates or OpenSSL configs
- Fix SF Bug #104 Export to template introduces spaces
- Add option for disabling legacy Netscape extensions
- Support exporting SSH2 public key to the clipboard
- SF Bug #102 Weak entropy source used for key generation:
- Use /dev/random, mouse/kbd entropy, token RNG
- SF Feat. Req. #80 Create new certificate based on existing certificate, same for requests
- Add Cert/Req Column for Signature Algorithm
- SF Feat. Req. #81 Show key size in New Certificate dialog
- Distinguish export from transform:
- Export writes to an external file
- Transform generates another XCA item
New in XCA 1.2.0 (Aug 12, 2015)
- Update to OpenSSL 1.0.2a for Windows and MAC
- Drop brainpool extra builds
- Use CTRL +/- to change the font size in the view
- Add Row numbering for easy item counting
- Support SSH2 public key format for import and export
- Add support for SHA-224
- Add "xca extract" to export items from the database on the commandline
New in XCA 1.1.0 (Nov 24, 2014)
- SF Bug #79 Template export from WinXP cannot be imported in Linux and Mac OS X
- Support for Brainpool windows and MacOSX binaries
- SF Feat. Req. #70 ability to search certificates
- SF Feat. Req. #75 show SHA-256 digest
- RedHat Bug #1164340 - segfault when viewing a RHEL entitlement certificate
- Database hardening
- Delete invalid items (on demand)
- Be more tolerant against database errors
- Gracefully handle and repair corrupt databases
- Add "xca_db_stat(.exe)" binary to all installations
- Translation updates
- Optionally allow hash algos not supported by the token
- Select whether to translate established x509 terms
- Finish Token EC and DSA support - generate, import, export, sign
- SF Feat. Req. #57 More options for Distinguished Name
- Switch to autoconf for the configure script
- SF Feature Req. #76 Export private keys to clipboard
- EC Keys: show Curve name in table
- Support EC key generation on PKCS#11 token
- PKCS#11: Make EC and RSA signatures work
- PKCS#11: Fix reading EC keys from card
- SF Bug #82 Certificate Creation out of Spec
- SF Bug #95 XCA 1.0 only runs in French on a UK English Mac
New in XCA 1.0.0 (Oct 24, 2014)
- SF Bug #89 Validating CRL distribution point results in error
- SF Feature Req. #69 Create "Recent databases..." file menu item
- SF Bug #75 authorityInfoAccess set error
- SF Bug #88 Minor spelling error
- SF Bug #87 Unable to set default key length
- The Key generation dialog now allows to remember the current settings
- Do not interpret HTML tags in message boxes
- Overwite extensions from the PKCS#10 request by local extensions
- This avoids duplication errors and allows to overwrite some
- extensions from the request
- SF Bug #78 replace path separators in export filenames
- SF Feature Req. #71 Add KDC Authentication OIDs to default files
- SF Bug #82 Certificate Creation out of Spec
- Add Croatian translation
- SF Bug #83 Inappropriate gcc argument order in configure script
New in XCA 0.9.3 (Oct 24, 2014)
- Fix double free in a1time resulting in random crashes
New in XCA 0.9.2 (Oct 24, 2014)
- Support for Local timezone dates.
- Differentiate between invalid and undefined dates.
- Fix Bug #3461403 Error when create certificate with CRL distribution point
- User error -> Improve user-friendlyness
- Fix Bug #3485139 Exception when creating certificates in passwordless db
- Avoid very long names resulting in duplicate names in the database.
- Add warning colors for expired dates.
New in XCA 0.9.1 (Nov 8, 2011)
- Close bug [ 3372449 ] All numeric names cannot be used
- add search functionality for PKCS#11 libraries
- fix ASN.1 encoding of PKCS#10 request
- Close bug [ 3318203 ] Build failure with GNU gold linker
- Add x509v3 extensions to the list of selectable columns
- Close bug [ 3314262 ] Incorrect "Path length" template parameter handling
- Close bug [ 3314263 ] Unrevoking a certificate does not make it "Trusted"
- Feature Request [3286442] Make success/import messges optional
- improve Password entry
- Improve SPKAC import
- add french translation by Patrick Monnerat
- Export requests or certificates as openssl config file
- Support building with EC disabled
- Close bug [3091576] Private key export is always PKCS#8 encoded
- Feature Request [3058196] Autoload database
- Feature Request [3058195] Export directly to the clipboard
- Close bug [3062711] Additional OIDs
- Close bug [3062708] Invalid user configuration file path name
- Fix PKCS#11 library handling
New in XCA 0.9.0 (Aug 31, 2010)
- support loading more than one PKCS#11 library
- remove the need for engine_pkcs11
- now more than one PKCS#11 library can be loaded and used in parallel
- Add de/selection of columns and add a lot of new possible columns
- All Subject entries, the subject hash and whole name,
- Certificate fingerprints, dates, CA info, CRL number,
- corresponding key of certs and requests
- Improve CRL generation [3035294] CRLNumber, CRLReason
- improve creating templates from cert
- enhance parsing of CRL-DP, SAN, IAN and AuthInfoAcc
- add support for CertificatePolicies
- unknown extension are written as generic DER
- improve date handling. "notBefore" is not reset to now anymore
- when applying a time range
- Support dropping files onto the application
- russian translation by Pavel Belly
- support loading DER formatted PKCS#8 keys
- ease commandline use
- add DH param generation menu entry
- improve token handling and PIN changing dialogs
- improve key-value table input for "additional DN entries"
- PIN and PUK changing implemented
- apply partial template-contents
- applying the subject only or the extensions only is possible now
- add informational messageboxes
- whenever an item was successfully created or imported
- add support for random serial numbers
- improve messages, usability and german translation
- improve token support
- token initializing
- creating keys on a token
- store existing keys on a token
- delete keys and certs from a token
New in XCA 0.8.1 (Jan 13, 2010)
- fix string conversion from QString to ASN1
New in XCA 0.8.0 (Jan 13, 2010)
- improve documentation
- improve file-dialog handling
- Generate Template from certificate or PKCS#10 request
- Feature request [2213094] and [1108304]
- add hash algos "ripemd160" and "SHA384"
- add the "no well-defined date" from RFC 5280 as checkbox
- Feature request [1996192]
- Include "OCSPSigning" in misc/eku.txt
- Support for EC keys
- Updated Step-by-step documentation
- set proper file-extension .xdb on opening databases
New in XCA 0.7.0 (Sep 17, 2009)
- support modifying the CSR subject during signing
- update key images
- fix date settings in Certificate renewal dialog
- fix certificate request verification
- check for duplicate x509 v3 extensions
- Bug [ 1881482 ] and [ 1998815 ]
- make sha1 the default hash to avoid problems with other software
- Bug [ 1751397 ]
- add validation button to see all extensions before creating the cert
- change the hashing for the default password
- this makes it incompatible to older versions
- extend template format for nconf settings
- add nconf input field for arbitrary OpenSSL extensions
- and a "validate" button to check the settings before applying
- fix xca.desktop Bug [ 1837956 ]
- fix item-export error handling
- add PEM paste import feature
- extend PEM import to import all items from a PEM file